diff --git a/certbot-postfix/Dockerfile b/certbot-postfix/Dockerfile deleted file mode 100644 index af478ed5f..000000000 --- a/certbot-postfix/Dockerfile +++ /dev/null @@ -1,32 +0,0 @@ -FROM certbot_local -MAINTAINER Sydney Li - -WORKDIR /opt/certbot-postfix - -RUN apk add --no-cache --update postfix \ - ca-certificates \ - supervisor \ - rsyslog \ - bash \ - git \ - curl-dev \ - gcc \ - libc-dev - -# Postfix isn't very docker-friendly-- also need to DL rsyslog and -# run them via supervisord. -COPY docker-files/supervisord.conf /etc/supervisord.conf -COPY docker-files/rsyslog.conf /etc/rsyslog.conf -COPY certbot_postfix/ certbot_postfix/ -COPY setup.py setup.py -COPY requirements.txt requirements.txt -RUN pip install --no-cache-dir --editable . -RUN pip install -r requirements.txt - - -ADD tests tests -ADD testdata testdata - -RUN mkdir /var/mail -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] -EXPOSE 25 diff --git a/certbot-postfix/certbot_postfix/constants.py b/certbot-postfix/certbot_postfix/constants.py index 4f06e1a05..f3068f035 100644 --- a/certbot-postfix/certbot_postfix/constants.py +++ b/certbot-postfix/certbot_postfix/constants.py @@ -1,7 +1,5 @@ """Postfix plugin constants.""" -POLICY_FILENAME = "starttls_everywhere_policy" - CA_CERTS_PATH = "/etc/ssl/certs/" MINIMUM_VERSION = (2, 11,) @@ -55,6 +53,5 @@ CLI_DEFAULTS = dict( tls_only=False, ignore_master_overrides=False, server_only=False, - policy_file=POLICY_FILENAME, ) """CLI defaults.""" diff --git a/certbot-postfix/certbot_postfix/installer.py b/certbot-postfix/certbot_postfix/installer.py index f3e2df473..f443dc758 100644 --- a/certbot-postfix/certbot_postfix/installer.py +++ b/certbot-postfix/certbot_postfix/installer.py @@ -29,11 +29,6 @@ class Installer(plugins_common.Installer): :ivar postconf: Wrapper for Postfix configuration command-line tool. :type postconf: :class: `certbot_postfix.postconf.ConfigMain` - - :ivar policy: A STARTTLS Policy object to query per-domain TLS policies. - :type policy: :class: `policylist.policy.Config` - - :ivar str policy_file: Path to TLS policy file in a format that Postfix expects. """ description = "Configure TLS with the Postfix MTA" @@ -49,8 +44,6 @@ class Installer(plugins_common.Installer): "default configuration paths.") add("config-utility", default=constants.CLI_DEFAULTS["config_utility"], help="Path to the 'postconf' executable.") - add("policy-file", default=constants.CLI_DEFAULTS["policy_file"], - help="Name of the policy file that we should write to in config-dir.") add("tls-only", default=constants.CLI_DEFAULTS["tls_only"], help="Only set params to enable opportunistic TLS and install certificates.") add("server-only", default=constants.CLI_DEFAULTS["server_only"], @@ -74,14 +67,9 @@ class Installer(plugins_common.Installer): # Files to save self.save_notes = [] - # Variables for starttls-policy enhancement - self.policy = None - self.postfix = None - self.policy_file = None - self._enhance_func = {"starttls-policy": self._enable_policy_list} - # Since we only need to enable TLS or the STARTTLS policy once for all domains, + self._enhance_func = {} + # Since we only need to enable TLS once for all domains, # keep track of whether this enhancement was already called. - self._starttls_policy_enabled = False self._tls_enabled = False def _ensure_ca_certificates_exist(self): @@ -127,7 +115,6 @@ class Installer(plugins_common.Installer): # Check Postfix version self._check_version() self._lock_config_dir() - self.policy_file = os.path.join(self.conf('config-dir'), self.conf('policy-file')) self.install_ssl_dhparams() def config_test(self): @@ -256,25 +243,6 @@ class Installer(plugins_common.Installer): self._set_vars(constants.DEFAULT_CLIENT_VARS) self._confirm_changes() - def _enable_policy_list(self, domain, options): - # pylint: disable=unused-argument - if self._starttls_policy_enabled: - return - self._starttls_policy_enabled = True - try: - from starttls_policy import policy - except ImportError: - raise errors.PluginError('STARTTLS Everywhere policy Python module not installed!') - if options is None: - policy = policy.Config() - else: - policy = policy.Config(options) - policy.load() - util.write_domainwise_tls_policies(policy, self.policy_file) - policy_cf_entry = "texthash:" + self.policy_file - self.postconf.set("smtp_tls_policy_maps", policy_cf_entry) - self.postconf.set("smtp_tls_CApath", constants.CA_CERTS_PATH) - def enhance(self, domain, enhancement, options=None): """Raises an exception for request for unsupported enhancement. """ @@ -295,7 +263,7 @@ class Installer(plugins_common.Installer): :rtype: list """ - return ['starttls-policy'] + return [] def save(self, title=None, temporary=False): """Creates backups and writes changes to configuration files. diff --git a/certbot-postfix/certbot_postfix/tests/installer_test.py b/certbot-postfix/certbot_postfix/tests/installer_test.py index a4ef75012..53b0effa8 100644 --- a/certbot-postfix/certbot_postfix/tests/installer_test.py +++ b/certbot-postfix/certbot_postfix/tests/installer_test.py @@ -2,7 +2,6 @@ import functools import os import pkg_resources -import shutil import unittest import mock @@ -19,9 +18,7 @@ class InstallerTest(certbot_test_util.ConfigTestCase): self.config.postfix_ctl = "postfix" self.config.postfix_config_dir = self.tempdir self.config.postfix_config_utility = "postconf" - self.config.postfix_policy_file = os.path.join(self.tempdir, "config.json") self.config.config_dir = self.tempdir - shutil.copyfile(_config_file, self.config.postfix_policy_file) self.mock_postfix = MockPostfix() self.mock_postconf = MockPostconf(self.tempdir, {"mail_version": "3.1.4"}) @@ -29,7 +26,7 @@ class InstallerTest(certbot_test_util.ConfigTestCase): pass def test_add_parser_arguments(self): - options = set(('ctl', 'config-dir', 'config-utility', 'policy-file', + options = set(('ctl', 'config-dir', 'config-utility', 'tls-only', 'server-only', 'ignore-master-overrides')) mock_add = mock.MagicMock() @@ -113,17 +110,7 @@ class InstallerTest(certbot_test_util.ConfigTestCase): def test_supported_enhancements(self): self.assertEqual( self._create_prepared_installer().supported_enhancements(), - ['starttls-policy']) - - def test_enhance_starttls(self): - installer = self._create_prepared_installer() - mock_open = mock.mock_open() - with mock.patch('certbot_postfix.installer.util.open', mock_open): - installer.enhance("example.org", "starttls-policy", self.config.postfix_policy_file) - mock_open().write.assert_called_once_with( - 'example-recipient.com secure ' - 'match=.example-recipient.com:example-recipient.com:mail.example.com ' - 'protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1\n') + []) def _create_prepared_installer(self): """Creates and returns a new prepared Postfix Installer. diff --git a/certbot-postfix/certbot_postfix/util.py b/certbot-postfix/certbot_postfix/util.py index 9a769aa4f..995fc9977 100644 --- a/certbot-postfix/certbot_postfix/util.py +++ b/certbot-postfix/certbot_postfix/util.py @@ -6,8 +6,6 @@ from certbot import errors from certbot import util as certbot_util from certbot.plugins import util as plugins_util -from certbot_postfix import constants - logger = logging.getLogger(__name__) COMMAND = "postfix" @@ -203,55 +201,6 @@ def verify_exe_exists(exe, message=None): if not (certbot_util.exe_exists(exe) or plugins_util.path_surgery(exe)): raise errors.NoInstallationError(message) -def _get_formatted_protocols(min_tls_version, delimiter=":"): - """Enforces the minimum TLS version in a way that Postfix can understand. For instance, - if the min_tls_version is TLS1.1, then Postfix expects: "!SSLv2:!SSLv3:!TLSv1" - - :param str min_tls_version: SSL/TLS version that we expect to be in ACCEPTABLE_TLS_VERSIONS. - :param str delimiter: delimiter for the SSL/TLS declarations. - :rtype str: Protocol declaration, formatted correctly in a Postfix-y way. For instance: - TLSv1.1 => !SSLv2:!SSLv3:!TLSv1 - TLSv1 => !SSLv2:!SSLv3 - """ - if min_tls_version not in constants.ACCEPTABLE_TLS_VERSIONS: - return None - return delimiter.join(["!" + version - for version in constants.TLS_VERSIONS[0:constants.TLS_VERSIONS.index(min_tls_version)]]) - -def _get_formatted_policy_for_domain(address_domain, tls_policy): - """Parses TLS policy specification into a format that Postfix expects. In particular: - protocols= - For instance, let's say we have an entry for mail.example.com with a minimum TLS version of 1.1: - mail.example.com encrypt protocols=!SSLv2:!SSLv3:!TLSv1 - :param address_domain str: The domain we're configuring this policy for. - :param tls_policy dict: TLS policy information. - :rtype str: Properly formatted Postfix TLS policy specification for this domain. - """ - mx_list = tls_policy.mxs - if len(mx_list) == 0: - matches = "" - else: - matches = 'match=' + ':'.join(mx_list) - entry = address_domain + " secure " + matches - protocols_value = _get_formatted_protocols(tls_policy.min_tls_version) - if protocols_value is not None: - entry += " protocols=" + protocols_value - else: - logger.warn('Unknown minimum TLS version: %s', tls_policy.min_tls_version) - return entry - -def write_domainwise_tls_policies(policy, policy_file): - """Writes domainwise tls policies to policy_file in a format that Postfix - can parse. - :param policy: A TLSPolicy object that wraps the STARTTLS Policy List. - :param str policy_file: The filepath to the Postfix tls_policy file that should be written. - """ - policy_lines = [] - for address_domain, tls_policy in policy.policies_iter(): - policy_lines.append(_get_formatted_policy_for_domain(address_domain, tls_policy)) - with open(policy_file, "w") as f: - f.write("\n".join(policy_lines) + "\n") - def report_master_overrides(name, overrides, acceptable_overrides=None): """If the value for a parameter |name| is overridden by other services, report a warning to notify the user. @@ -268,7 +217,7 @@ def report_master_overrides(name, overrides, acceptable_overrides=None): service, value = override # If this override is acceptable: if acceptable_overrides is not None and \ - _is_acceptable_value(name, value, acceptable_overrides): + is_acceptable_value(name, value, acceptable_overrides): continue error_string += " {1}: {2}\n".format(service, value) if len(error_string) > 0: @@ -276,6 +225,9 @@ def report_master_overrides(name, overrides, acceptable_overrides=None): "following services in master.cf:\n" + error_string) def is_acceptable_value(parameter, value, acceptable): + """ Returns whether the `value` for this `parameter` is acceptable, + given a string or tuple `acceptable` + """ # If it's a tuple, there's multiple acceptable options. # Only set a param if it's not acceptable. if isinstance(acceptable, tuple): diff --git a/certbot-postfix/docker-files/rsyslog.conf b/certbot-postfix/docker-files/rsyslog.conf deleted file mode 100644 index 4fdf6906f..000000000 --- a/certbot-postfix/docker-files/rsyslog.conf +++ /dev/null @@ -1,13 +0,0 @@ -$ModLoad immark.so # provides --MARK-- message capability -$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) - -# default permissions for all log files. -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -#*.info /dev/stdout -#mail.* /dev/stdout -mail.info /dev/stdout diff --git a/certbot-postfix/docker-files/supervisord.conf b/certbot-postfix/docker-files/supervisord.conf deleted file mode 100644 index bc32d796d..000000000 --- a/certbot-postfix/docker-files/supervisord.conf +++ /dev/null @@ -1,24 +0,0 @@ -[supervisord] -user = root -nodaemon = true -logfile = /dev/null -logfile_maxbytes= 0 - -[program:rsyslog] -command = rsyslogd -n -autostart = true -autorestart = true -startsecs = 2 -stopwaitsecs = 2 -stdout_logfile = /dev/stdout -stderr_logfile = /dev/stderr -stdout_logfile_maxbytes = 0 -stderr_logfile_maxbytes = 0 - -[program:postfix] -process_name = master -autostart = true -autorestart = false -directory = /etc/postfix -command = /usr/sbin/postfix -c /etc/postfix start -startsecs = 0 diff --git a/certbot-postfix/testdata/certificates/ca.crt b/certbot-postfix/testdata/certificates/ca.crt deleted file mode 100644 index 8f745c422..000000000 --- a/certbot-postfix/testdata/certificates/ca.crt +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID2TCCAsGgAwIBAgIJAIQpx8+nzXMdMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j -aXNjbzEMMAoGA1UECgwDRUZGMRYwFAYDVQQLDA1UZWNoIFByb2plY3RzMSAwHgYD -VQQDDBdNYWlsIERlbGl2ZXJ5IE92ZXJsb3JkczAeFw0xODAzMzAyMzA0MjFaFw0y -MTAxMTcyMzA0MjFaMIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p -YTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEMMAoGA1UECgwDRUZGMRYwFAYDVQQL -DA1UZWNoIFByb2plY3RzMSAwHgYDVQQDDBdNYWlsIERlbGl2ZXJ5IE92ZXJsb3Jk -czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1rcXDr4/JYmcBntXOQ -OOkHRZCrxg/iDDj1Xy5qarMCKI+l+5JjuQBTN5msve+vQpxrNatt+Pk5N7RuaqGb -l5UDxr38SmzI0HoggMJkFv4h2MEqunVyqEMYJC4AvlpXdz1BLJJ6jJY+XJAcXfNL -1/WAplnP5KWjoFBziiv9Fo6mNyp65o8qLnsrCMs75jU6GQVCfdxmd97elyR+p2c1 -WPJEWSVIT/+sWwIVgYigm+fOQYfccapN91aMdWwizwHbaVamCoxuIWHOdtD0QQBg -kFKQGy3RQUb6byUszKOJyLHtsPTi5DnGNcQZFbExslisYW6wGQ5ZOf2xClIgfb+O -RaECAwEAAaNQME4wHQYDVR0OBBYEFOB4SKwmpWzqSJd5siuLCd9bfAFAMB8GA1Ud -IwQYMBaAFOB4SKwmpWzqSJd5siuLCd9bfAFAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBACUF7wbiH/vuji/C0x1ugxeZh4EXh1p9UA59g7bK3HpeJX/B -gfX8WOtGeu97q3FX0kzjRnb0BvH3BzMfTFKg4juLzruYWhvLaRGz3CtVh1mjocLh -KR3POrdwPL/iJjxizgckTwgvwrQhYrVexeHiBWs7Ge1Wq+d+2MUpuZfeQyBk1xBP -DMQMF6sw/mrjfYKK9M5Kkvz3BBjgihaZxDeEWgZuQCZ9s9nb35gaRUACT3iyovm4 -osajjfIiBV2xwuD4DafOiyuUsEeWw+pGo2f11et2dXsUEsEgY+IGS6qzypIGQL2y -Ygcb8ImHxCR4A8ILUtMuZQ/Fco1V8deZvU1NPIY= ------END CERTIFICATE----- diff --git a/certbot-postfix/testdata/certificates/ca.key b/certbot-postfix/testdata/certificates/ca.key deleted file mode 100644 index 5ebd8de5e..000000000 --- a/certbot-postfix/testdata/certificates/ca.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAvWtxcOvj8liZwGe1c5A46QdFkKvGD+IMOPVfLmpqswIoj6X7 -kmO5AFM3may9769CnGs1q234+Tk3tG5qoZuXlQPGvfxKbMjQeiCAwmQW/iHYwSq6 -dXKoQxgkLgC+Wld3PUEsknqMlj5ckBxd80vX9YCmWc/kpaOgUHOKK/0WjqY3Knrm -jyoueysIyzvmNToZBUJ93GZ33t6XJH6nZzVY8kRZJUhP/6xbAhWBiKCb585Bh9xx -qk33Vox1bCLPAdtpVqYKjG4hYc520PRBAGCQUpAbLdFBRvpvJSzMo4nIse2w9OLk -OcY1xBkVsTGyWKxhbrAZDlk5/bEKUiB9v45FoQIDAQABAoIBAQCgqhWaljrOQGCJ -Vm4OC3J6FXTn9QsWRcHgPh/xmsnN9DK7RSpRTMyKfgtXCbJBLwLs8fKf6bOYkPOy -00UWtoaoGn/kfa4S/3H1ZMRSHdtyyvqzPa7SF+Kopj1p16+dqTq2diV8SP4eId8Z -TTZTOy1+SxTOcQubg2JjWt0D2rPbYaE0DmAqFcXgLOLN6fVQY/Rkr3c7pVKGXqdk -19vKej1fNH1tdUPBEqc/mvijxHKW+HnL2+hTalBBwWsPx7nOOABb6ikvtdIDzC87 -egCv0XoQntpxPJ2kuYfczN0/pNvg8rWEk9X0tHRKSnVK8HVHAN+WrZx8JWS/YODE -zn+nElmRAoGBAPQhL4eZeAzvIr9pd+gcf1KnLsggFyGx42+mqLjje6hxXu5jC4YC -pfjHmCKhvd1u0yCmm8P9uQmPiCvgjqMz4iPrE+qa0Xu9faJ956Bs7i0Wky3Xqiy9 -HQNfax3F7HHXQc66i+7DQ3DEiBWmVV8LfddA6bzPTHxAtqPUERw/lG6/AoGBAMah -QNCGSyzGZYVwz+7erax7ke7A4DWumx2/wBTIe4S6XKLqh95Qjd7WeHgzN+UDMymO -BIOHivuch5cTILx+lphaX0bu1bn9aL6gMRm+FQBuefTVZHu/H+HS0Fr5FuKEBj84 -uxXFdAJwXY0yreciaotSr3wphm2Cl/5QAqZQfsOfAoGAXCaSrFqvyCIUObB0BHeN -UAOvUvdaA+wD78c29ONZcBGrRcy5MtKZF7kvohLvekA1DaQWM/r397XoLrfK36vb -9rbrg6kA3fZ/D/D6l8HGfdqBn9JCeDTCWN2Rr2FgiPA59PDRlUS7ljt5KsLogsHx -tGjaUdzmABjlWB3af5E4VD0CgYEAv7/91RA/1Dq22Oo+IahgWslz6NvT1p736fEp -miasb0aFlVT50xlKzBuZcthnFjNPmcca/mrENgA3ORXjHXTLJsrffZelRganrpbw -r5w7pA4Ct+OlPH0WZyffsmMSv5uaeD/pA6x5QL1+4odRMHeeCV/KPv/LYT6YQo60 -8B93MJsCgYEAoUp8NOU0BSb2TVDmiPvhTpfFmbNua9Vqd3XwAj2TfJZFM6Sc3+Dk -IdDy8cUEfPpf/TUO2ULGGEUM1qseng/jhiwY9w1mEA7UDjsc2r8v2Mo8vhV9Pafa -kPSwKbAR/vfQ4gtkgk9GOEAsjxcon3rs/UbAskKcmqA8YsMW2lKXs/c= ------END RSA PRIVATE KEY----- diff --git a/certbot-postfix/testdata/certificates/evil.crt b/certbot-postfix/testdata/certificates/evil.crt deleted file mode 100644 index 58146dcff..000000000 --- a/certbot-postfix/testdata/certificates/evil.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDcjCCAloCCQCIxODY/mB2CTANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x -DDAKBgNVBAoMA0VGRjEWMBQGA1UECwwNVGVjaCBQcm9qZWN0czEgMB4GA1UEAwwX -TWFpbCBEZWxpdmVyeSBPdmVybG9yZHMwHhcNMTgwMzMwMjMwNjIwWhcNMTkwODEy -MjMwNjIwWjBzMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG -A1UEBwwNU2FuIEZyYW5jaXNjbzEMMAoGA1UECgwDRUZGMRYwFAYDVQQLDA1UZWNo -IFByb2plY3RzMREwDwYDVQQDDAhldmlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAL7ToAf36lkjAaiYR2N8fQLaPbyfxGE7gu+DZz42cq0iVguU -WyldQX/KsYZUG4cjJ3XRnbuPZU5zy/aX6PdvgGZ5PkEucGrSTdDdVL5vuLLiSNU6 -hO3hDtOjPhHW701KaKbQlmhFubflVYI9JqrFGzjNgKQbEid96t50wjGKIKl3LTSx -jJS6DhCH+sVeqnz92ejiXAcrczrx/OIjBh3J2UGm1rpR8jv9fkB8JtiLOoyHgV1D -YfwFk4KbLS9L6uMvSaiK1XcAOPgYo20jGgLRXplVqCPvmfCc2ASpRfc8BtNxP5e0 -Jlv29KhF+76cxiNiDn1uQ7/14vsOoE5cOsWWeWsCAwEAATANBgkqhkiG9w0BAQsF -AAOCAQEAbShtlMQ2Yr8voORJr0yeRJ0VY9L9F0RJbLwVgyFyzuOyGti8lLVOfJFA -uT/yUGZRqoWNP+QX8IJ6GA5SlAXKHHA6JtkgFVff5k565aSUpTG93Yo9+4jbP+RH -o/y9lUVtCL7mCoKB9P99thBaR3zSqorPvs/yIslY69tgh4py8vMKMF19Td5P6yIQ -G2er0CC7rFTB+GSTRUQJrBGMgq/IcFUThDfgSlp661H9WBrVoYw3H6qggh0SMWJO -aZDHYj2ztL4AZaJfrFJ3nH05P+UaW1MDSwlvBoHx0pucCCg0iTZuK462YmvpcNDL -LrZWYR7mr4eWHH9RzSYN/5Kw1/BF9A== ------END CERTIFICATE----- diff --git a/certbot-postfix/testdata/certificates/evil.key b/certbot-postfix/testdata/certificates/evil.key deleted file mode 100644 index 22b84969a..000000000 --- a/certbot-postfix/testdata/certificates/evil.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAvtOgB/fqWSMBqJhHY3x9Ato9vJ/EYTuC74NnPjZyrSJWC5Rb -KV1Bf8qxhlQbhyMnddGdu49lTnPL9pfo92+AZnk+QS5watJN0N1Uvm+4suJI1TqE -7eEO06M+EdbvTUpoptCWaEW5t+VVgj0mqsUbOM2ApBsSJ33q3nTCMYogqXctNLGM -lLoOEIf6xV6qfP3Z6OJcBytzOvH84iMGHcnZQabWulHyO/1+QHwm2Is6jIeBXUNh -/AWTgpstL0vq4y9JqIrVdwA4+BijbSMaAtFemVWoI++Z8JzYBKlF9zwG03E/l7Qm -W/b0qEX7vpzGI2IOfW5Dv/Xi+w6gTlw6xZZ5awIDAQABAoIBAHJWkvizTzOBiije -tUei+7SN15gBksU/x0CD14SrUyLyA+SES+sI+Yn8hUobczMRmT87DeuoC+dp8rga -ZXh80s6Trv2XObyHriCLvY8tmdl1RHaeza9KvnuIwFQoGNKS1wm8yaJIxPKu8wFK -arS/zYPHfmDV55bKF8Sa6RCN1uwydkQkSv0qNAnW/94WlyWk0Peq7X2SeUYLjj6b -ilVyET3WxCjDsUYTAsSIw7gA1CC3xm7KobXirw4EWVFAE0HXThaTLXyXIqBBuq0U -bu79nCUqva6ScMnHtkMSw5rJoccqw4qRw+r7WW2mL1ZgIXHz41qeQX2VGNpEJhWZ -VLTDO4ECgYEA83lFRgz3v1SdjQYq85fM8O3vvuItOqERT21+NQKOiv/qp1SlKWOu -DNEVxllZOMWxhjJRo9KkMusDE058e2/a2MstBMJR6tcMCl0NIrvSPFmFXfaO6fBb -kshr/Rrr+S+QQi/qL7QqFFCeo9uPckVMF9z7SVUCMs2m7j5hsdXbsrECgYEAyKT0 -K2aHZCtS6LGgNrK7XPFGFFcWbaOFU8MSiykuK9yOMq+a1IQa6wlCLhxVQzHAyS/k -XKfTgtphvAQOv11bK1SiqKBqMlWyYLEQ9YIBfIKu0GoIUOVduG0gomZOJV1+MRTu -32PFBkCNQnlP+20VpFY5D1vcxspbdor2bP59XNsCgYEAxEFdmKC9V0nCkbmGB8K2 -HQL+fNRd9uN8S5UL5XkBI4Q0RttRIrLJymUDc1X0OHIKrgyDiFUzrCOJ4Bck+m7o -blYgHLTySSU8/GGTRAs35ROYEGy9OE9Z0VCi02vPCJbRZriuwfMs9CEkLxq9XzQC -qT2khLD0S7U/uM0p/KpRJJECgYEAlFZ/vmZ6ym/NSAOqc0YIh1pJeVg5WK2AMMET -wJadcAgLiSWSznMsg3/A0d5Ymuj5osQpjOb21NMnVp2ZWZlngc18xDZ0zOnWiu3d -n+SRvL/RBnyd0VEBzQvBCM+iDrXkSd00DSvxygGHbhHKNBQd3/VvEg/UVZPdsvJh -5Yrwm+kCgYAEvXKNGvcSEmR7oEMxm8tEUMiJ5gSKSaanCv529t/1r7M7OUxXPaRb -rscUvdDf2izGUIMcwYMQN0DpayifLsZoXHzTO4mBSepc404BH3tOGtTXdcmlAVtn -OQKXn7eV3yrkcqr2mqxBVp1o2sbrU1AghypshxYGbBHM2rF1SS3n8g== ------END RSA PRIVATE KEY----- diff --git a/certbot-postfix/testdata/certificates/self-signed.crt b/certbot-postfix/testdata/certificates/self-signed.crt deleted file mode 100644 index 3a0d03c25..000000000 --- a/certbot-postfix/testdata/certificates/self-signed.crt +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFwzCCA6ugAwIBAgIJAKUz1/36w+LgMA0GCSqGSIb3DQEBCwUAMHgxCzAJBgNV -BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp -c2NvMQwwCgYDVQQKDANFRkYxFjAUBgNVBAsMDVRlY2ggUHJvamVjdHMxFjAUBgNV -BAMMDXJlY2lwaWVudC5jb20wHhcNMTgwMzMxMDE0MzI2WhcNMTkwMzMxMDE0MzI2 -WjB4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN -U2FuIEZyYW5jaXNjbzEMMAoGA1UECgwDRUZGMRYwFAYDVQQLDA1UZWNoIFByb2pl -Y3RzMRYwFAYDVQQDDA1yZWNpcGllbnQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC -Ag8AMIICCgKCAgEAqiR5ZLiXvu6zf2hRyKM1/uTqF1h7f+bsCwzxG0n3SGmeXMVq -GCacBLftMR6ufN2fVvnDt9g5JYK4RKUIcgfRwcn3UXq3NWRP++N6oIF+FjDatlUY -zzmlSmDuP0ozuaFQAGeqrsF9fCIBP8oX1vw3JPoRzb2yuAsuaYPVsrIM/Sp7ApF3 -qUp9X4FfrMFUTyuQNtaZXs/jCNaOHWi1d64qFFcHmpK3gdxPkp47OiVQY+VhoPrW -SFs8yVuOdS6/wPj1AzPj05qzWm/cwlkZnRl4Ol25kdA1Xl1UfrG3z/g6YYOR0vs7 -BfXiAS1+JX6izk6a55SjQWNb/6cdWWnO12NAtc+gx77KxtyeAaZr+qzAmKlXaCjr -A+tTvgGpKfF4Bhbf80LwuJmodv6hG3jJG1xhrpig82C9Q2oPwJjYRFg+N1sx6pqj -xlqX41ymtarMpuzaeikkDzLajlF3BYya8wHJ3Yc9XD+FdIWUCbtGoqWa7uFT3tEB -o3s5z7Cx5nPL2tRbah+PE5KDfApzN5lhoCyHe8KcZnZdfBt7VhfTt59qJP4mwf5A -pf7bTkaNhiHVa5GQQb6RhOEPMw+hUR4700S+PuzSKZ5WTePpny4f/2eVt9w9GXby -/EbTXzhtcQHzGBlhLp2yrGb1LYmLNwndsiBM7bciNBeV8OK7m9UwKQ92j5MCAwEA -AaNQME4wHQYDVR0OBBYEFORjWdSitq+F9t4gK++56NQuV5TiMB8GA1UdIwQYMBaA -FORjWdSitq+F9t4gK++56NQuV5TiMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggIBAAGAhmwgl7JyE1uq7TMBGXIj8umAvBB1C/rLJAuDM1lD8r/A4mmIzhF3 -nxfHpFycb3g85sVvjUUt8NmTl/c2w1coSdLzws87mLDDHXZBKTVY0jpmAESYxwIi -UZhOC8f4N+5CEhScTHpdPwzkPCFK/ktaZVXD4hSl8ICeF31Frw+0NOj4cnofwxZv -DCXUI245lZJMf8+acmPL/s4eEE60HsZ/XCQPrBK33TxlMGBhDxEnzriTRiVlPY/I -0BA9cO3e7d+a2MB+F9b3eoTo7kZ+2GkFVz0QY28KiovH6jAFMqI6c5Vo5YfvesmN -HjVi35fJ93G/fVtwvakdHNigev3FMTilu1lp/w6lwVZEfQoDJEPBunz671F9bm/m -J4JjEfPF36wY9yu6DIAsaBSI3EgB3sCHKo0Q6huZxLdVKup2rLsEsqAEYWCsQgxO -OEM4q4qqBI4wMkNHkMyD5SOfZPMRDNyZGjIPcztsiHxYHMzjl2b2tPQfo6paWgMn -ZFyvjPO+7J1srZDdVwhsTxqXCd/Hp+sxiH1MmX4rYkEAkqVprHxwyK/ZTpo3q51q -iQX3vKccXiDBR0RcasDEblLfRN2CX2CDz+BIVjRGESMSTJ8LHLJYGbaCT4a4QZBd -bESex2aWaPHjZ46uSd2jl/sh9TlC4d+IK7r97jSSAcxYChpTHYMM ------END CERTIFICATE----- diff --git a/certbot-postfix/testdata/certificates/self-signed.key b/certbot-postfix/testdata/certificates/self-signed.key deleted file mode 100644 index ba2294026..000000000 --- a/certbot-postfix/testdata/certificates/self-signed.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCqJHlkuJe+7rN/ -aFHIozX+5OoXWHt/5uwLDPEbSfdIaZ5cxWoYJpwEt+0xHq583Z9W+cO32DklgrhE -pQhyB9HByfdRerc1ZE/743qggX4WMNq2VRjPOaVKYO4/SjO5oVAAZ6quwX18IgE/ -yhfW/Dck+hHNvbK4Cy5pg9Wysgz9KnsCkXepSn1fgV+swVRPK5A21plez+MI1o4d -aLV3rioUVweakreB3E+Snjs6JVBj5WGg+tZIWzzJW451Lr/A+PUDM+PTmrNab9zC -WRmdGXg6XbmR0DVeXVR+sbfP+Dphg5HS+zsF9eIBLX4lfqLOTprnlKNBY1v/px1Z -ac7XY0C1z6DHvsrG3J4Bpmv6rMCYqVdoKOsD61O+Aakp8XgGFt/zQvC4mah2/qEb -eMkbXGGumKDzYL1Dag/AmNhEWD43WzHqmqPGWpfjXKa1qsym7Np6KSQPMtqOUXcF -jJrzAcndhz1cP4V0hZQJu0aipZru4VPe0QGjeznPsLHmc8va1FtqH48TkoN8CnM3 -mWGgLId7wpxmdl18G3tWF9O3n2ok/ibB/kCl/ttORo2GIdVrkZBBvpGE4Q8zD6FR -HjvTRL4+7NIpnlZN4+mfLh//Z5W33D0ZdvL8RtNfOG1xAfMYGWEunbKsZvUtiYs3 -Cd2yIEzttyI0F5Xw4rub1TApD3aPkwIDAQABAoICAFynOjhAUdqXEMa8H3Vcc+YX -8Oa/t5liPn6SEKaks/YKFkQ8+Vanh+UF6DQMmkbDRadOomd2Z0BnHEO9f4jhezfF -7VnAsw5vTyNDsJ7BhdE9z4zlcHpA0SNc/8EVfm+DSha+XXOHSPeVaQq82hioBrur -NpDM0gtpg1/QfEowreQcAxrV7s0RFI8y29AvA+ONPJ6wZJr+KIvCk2eugsvm22Fy -N2DUrvwX5nlYk7ZJZarQ2kaY8qI6lTKuGjj0OVYz/PE+i73LDAqeyiBH9yvXF+Lo -8UpXkQiPWJkZ3JhzfA9oX7v+Nhk72lR72qs+eBhTNAYSqojMO+hPsCrl9M7UbQLx -rTJQV76zGHB6wsrZ5tJ/mau3SOxKiJTmn0uirwFFi7MfEL/fL0X0GuY+TVMqdmuh -pdW7N902NCW1yyQC78aRG/UZvMe077tpb69Ut/ZKfhPsGr2O6Cb48POaifIu6cYJ -vQgBVnY4QHI6RTUuCL+CGM2avwn/7JuuZ1wBs3zuFhZ2MXBtjnG3kz6SC04P0dR3 -UQdIJPLRKTzeIRgE9ZeBAz/QC/vZyo0HwDL4PGQLdVGdGhlCdAOcdo5f36FTtHZ5 -AMelIpLyFaZ4hmvaoVGrpKoVZttEqXvhu43CktpO9EKphaIUir8/4E7oibnFf8bX -E6c7E1wyDHRastytjuFZAoIBAQDb75HHSU5GZvIYpbGmdpfzq49Tx7i2zSGtz7lq -UzXMWm+hdfPVnFdVHuioZ/vluatm0K82u6qiknDwJCeVH+zSQLwLAauRsCzPVNG9 -3CxKpZO6QB1g6KH3ykK2zVmWqARgyl9mbTIwBrXTFioMOn+KKHC4JAjsg4Y40CiJ -fPL5FJMsn29Eti7iOsM4lqCnMZC3jg7r9PkF6uC1hu8gOVNHqN3naFH6APV9BOa7 -Z+AaDIU/TJx+s3eL3OIewtIARfGntJzqJOEEHDhVQgu1H3gmFVnzFcJe7jMAwkaU -75wRZB1rkuEwFCqukKWrleUlNXfeTxKA7lQgXJXSBd5eKJkXAoIBAQDGCrAXf0wb -j8X04rcGor7HYzeh3gbBorKDLQo5wYu0kYu7GkxfkrCMZrrzTRBJay1K+wPdPiuc -l4eF+tGb+fLfodbFnmDs2KWqV2pPbkmftwYjCZsOnBzRb+aYvBlWRfGKyvl5WjJ9 -rGmWCG9WQjt8yHVEKjbLaAKP9FEzHIZORKmKlwzCIPHX+5UzNX0oCxf9F/pwpegd -w0IQrYEAnDQ7EtOs1BFwp3vasKaDPys4NaZQocK6kE+I8fDVslaCikMPMY7QOVCq -OsIuQY/Pxuwd49It0PvvE8W2bZpTL6ZllCu7BwcsQcGGk4re3iHCAR0fzH5wUyIP -kgOWNjXx7hLlAoIBAQDP8D851dsFwQsftnix0+pyXT/TjD7dxjATbxP0rNtubAqi -8ywoR/ph5ik+H6IPXm3pdWBTNTdtIVtaEDTETzzOxJmFJn0Z7yFOnPj4spPFt6pm -K3wbRZbs+fP9dUVApXYONQfhhVgwBAggnRIAIca3zuhTkO5G/0sFp/jLlLD8QjGr -vMmsgzrsdXZhqDgYG0qh4NPGzwQqThlKR1sKcmiElenHgeAPqJxxKRMlGF7PAgtw -/3PubquWNq4rOzLlQzvovWCmF1wPUMcKBLmg8zHbf9BdfbMZocfi7cthwPEjmC4g -qOvzUv3Psb6Q7dWKSnUcYFI0SCCNwDt+KEJHb8bdAoIBACm+Wvu481vj5EAIAbg+ -WaRBf5p46EeseaA4wC0IZOA8xY08r9h9XQVbKhDar5IqKzPg0SGzVxH8xq4w/jm4 -Z79Hp7Oj/J4v1EuhfWEcyBwIQhzki3B664Ah7CNJkrWirJUqz4cKwhXHX8ImKQGv -mEZnIoCpvT8Gv3OEdhEl9BFPW8VArYnF0/RIrVxL7AOiwv2wLjPMZK7RV32YdNai -FkhVYZTOZpauVubz0UVc7Uk91b6tOhSFEp61EKSaoK2HYzcypP2y9xPKqt+BJkUP -kvmB6e2KXXA5ZLVdSOg75QEISGd1xcdIXPh25RCxFcCE55SqUARxIX7SsjrZVmmW -WxkCggEBALIFdo3ZYFkQNOTElg613nd+YDZhR80zg74YYaHa4wkTgpHgoBYTjpso -A+sK4omyZ59Ya7pEAOKBhufPATPMRiFH9T8fxXRMH6Nts8cmiDuTmhc3R/T4Hxt5 -A7Pb20CCdFpiTVeGr/zIqlZCjxwYpPi1BrauJLRVqqXc8ixlnmCT0H+mlRmYlGbg -taZwuIQ63YM+U2flTCMG9jboaL8l7NT9Peg/TfYSnd0CS+90V3jR5n8/iQQDf2f9 -7PLDuNmYtYPHg5YKQBbVedKTwZuZZecFRb/teRjzLPVT2Dn/O+iSdQ4DHQQfv+zJ -tuSRLL0KfOMMo3qJvm/UprrqRW+Oa4Q= ------END PRIVATE KEY----- diff --git a/certbot-postfix/testdata/certificates/valid.crt b/certbot-postfix/testdata/certificates/valid.crt deleted file mode 100644 index 4bac401ae..000000000 --- a/certbot-postfix/testdata/certificates/valid.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDdzCCAl8CCQCIxODY/mB2CjANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x -DDAKBgNVBAoMA0VGRjEWMBQGA1UECwwNVGVjaCBQcm9qZWN0czEgMB4GA1UEAwwX -TWFpbCBEZWxpdmVyeSBPdmVybG9yZHMwHhcNMTgwMzMwMjMwNzM0WhcNMTkwODEy -MjMwNzM0WjB4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG -A1UEBwwNU2FuIEZyYW5jaXNjbzEMMAoGA1UECgwDRUZGMRYwFAYDVQQLDA1UZWNo -IFByb2plY3RzMRYwFAYDVQQDDA1yZWNpcGllbnQuY29tMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAyDnXSD4NUHSrdsEET2wNlm/l3bxkl1dXVqiKHLVE -aY/naUr7R9lkhb+/BNb+5fGV+Wj83UjF0uagEGQGO3gNLhEu7LSnRdH52EDOFhs8 -nGvxdyb85gi2UDXCITljq9OgrYMgmTFz3Evy6jvIetvH0Lm5KDTWifHulwZEcYRn -Xw13qKvZ9vD6J/mHr1jcLk47nNJFdwrVeMhElZ6k2AeB9OOZS/fBfajzVSIkCBpr -JoqV3+bHrHe2aji8cNBjAUINpL4Sy6QMAuM95ne78gIGsxbJBgt7L1IM1RkQUluN -Wmvp7G3G4x7jKyp/Ts32vux6/1CTR85jiYNxGitJZQWitQIDAQABMA0GCSqGSIb3 -DQEBCwUAA4IBAQBuHLeiNZ+osqlZq4N6S90tj/PJip4AANiC4NHUH7AwoLdj966C -+rx8gsKRnMbh7GffRbYHTrrpimkWab2jjhcN9JpQvLoP09/KTIsyVbA8Le7Chnb0 -HTPtSFwbjx+65urFeBrBKubGAoAKl63a/xA0/wUQtc8p0fyB15WhCCcr2ZUo+dMV -txwcmJuyfVP4muUYrGcw2opWqH24lfD2rKDuQvtfFAtxiCl3lLbyxHgb26FADMMu -USPs2oVU50/3wBdko2C86R4HG3UyhzqpDP3sX+b83up+Xw+RbZsa3kwLlzt14pgo -+Zn097XnNN92tyioAEzYyCKbF0YRvxp3rUqT ------END CERTIFICATE----- diff --git a/certbot-postfix/testdata/certificates/valid.key b/certbot-postfix/testdata/certificates/valid.key deleted file mode 100644 index 003b5e4bd..000000000 --- a/certbot-postfix/testdata/certificates/valid.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAyDnXSD4NUHSrdsEET2wNlm/l3bxkl1dXVqiKHLVEaY/naUr7 -R9lkhb+/BNb+5fGV+Wj83UjF0uagEGQGO3gNLhEu7LSnRdH52EDOFhs8nGvxdyb8 -5gi2UDXCITljq9OgrYMgmTFz3Evy6jvIetvH0Lm5KDTWifHulwZEcYRnXw13qKvZ -9vD6J/mHr1jcLk47nNJFdwrVeMhElZ6k2AeB9OOZS/fBfajzVSIkCBprJoqV3+bH -rHe2aji8cNBjAUINpL4Sy6QMAuM95ne78gIGsxbJBgt7L1IM1RkQUluNWmvp7G3G -4x7jKyp/Ts32vux6/1CTR85jiYNxGitJZQWitQIDAQABAoIBAHKeCcrlGqIP54eX -fmwooq6XZ7LDAaJQ8UI+QLGmYn87TXFM5wN+Qrj9xs9yc4AWB5A6tWXHHtdYBhDb -8WVhl8njNEV0NL0XMjrE/jRRayTv9c4Ll4HnQtYvr+1s+M2H29b31VVcpcJaB7hm -eKE75uppJsEJXjahM79oaw3AiZwzCJow5oKATz1Ttk7LD7sC23hyHHCIzM5nG+Od -s0JbJj08xMZxlsts3WdbF14bfPgyKFIIbYm/qdeosPX26PmZvevtPLItomttO8d7 -c5HV8oYiLCmEDUSPuN13IeTRjuIEvU/zkVqRHxDTWtrzyQi74swAPW3e+SjvVALq -26MsNRECgYEA/Py/cM80WYBsEXHT8D3TKMECxhD2OWp3wvlx8jHtCyK8DxHeUWvD -4WlpOUSXkTsTbFfmhblHjnVIM9+kQn3tZnhTv/G4Xm+j11XakHm5GZ31YqSVwPW+ -MPCc69OkDwAZExhjkJSGvUF2WcrlJ96t34lX+3W5GJMdiRPYlHxiXZ8CgYEAypw+ -8jUlkKYBARKvGj6wzPX5xYdmNmoprVhq4jJGL8vwHgjsxlCz9eoixp3vBxhfKpgu -jYrUv3LjiWwiR95zQQYuRTUt5ERlC7/d64lAhEvhKLkvQo8x/x9OQ5WX/0UlLd4N -GLRjSzY/7TCdQW37OBSWyQTnXKZ5lGCfamEldysCgYB8LPMqxAnGBKsGxQBqY25K -CrL51UmGVSQDp7yuTKM1XA9CtlqRTHwRIFRtr6VVu9GE1IBqEs90tUyDabqOiJEG -QvmYtWTxtYqOH63wTE72q/nOOUroM7bu/quHdZKJalrkbIwyYzTfoEofON/R+hMO -LbPp0ZbQ4SUWK4+bEpKVsQKBgFsfiIPgeUOkFYGJCK2yEkwsOKipK8Q/XP00beXL -nJt0ikrH0s2ikD2Cjx9q+ozjXjHG/fD0xphQMJumwYg3OPi+seK4dypZxGRTZ5i+ -QwD9K4foOaQiyOaoCsgEqLbLP1xwqM06nAnAnWGs4p0BvOHNCL/h77hQuw+LoUbz -6Ci/AoGBANZXia/sxU40a8zYsj/QlYK+51Q+h+UNqY4n4QY4MDho9hipL/SNKfbs -5Sg9NJCL4mYQKdlh3BpASDEd2gyflGTCwbz1yiNA12hX0F8bF6gVSFW9ZnCxTCAF -3mQKRi8QAts4yieLe7QeII7LzBIZyhn3Wr369/+oDIVHDrbEZdRr ------END RSA PRIVATE KEY----- diff --git a/certbot-postfix/testdata/recipient_policy.json b/certbot-postfix/testdata/recipient_policy.json deleted file mode 100644 index 02162c46e..000000000 --- a/certbot-postfix/testdata/recipient_policy.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "timestamp": "2018-03-30T19:45:16+00:00", - "author": "Electronic Frontier Foundation https://eff.org", - "expires": "2018-04-30T19:45:16+00:00", - "version": "0.1", - "pinsets": {}, - "policy-aliases": { - "recipient": { "mode": "enforce", "mxs": ["recipient.com"] } - }, - "policies": { - "recipient": { "policy-alias": "recipient" } - } -} diff --git a/certbot-postfix/testdata/recipient_policy_keypin.json b/certbot-postfix/testdata/recipient_policy_keypin.json deleted file mode 100644 index 4040a6a50..000000000 --- a/certbot-postfix/testdata/recipient_policy_keypin.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "timestamp": "2018-03-30T19:45:16+00:00", - "author": "Electronic Frontier Foundation https://eff.org", - "expires": "2018-04-30T19:45:16+00:00", - "version": "0.1", - "pinsets": { - "eff": { - "static-spki-hashes": [ - "sha1/B5:68:C5:05:5E:5B:F0:03:93:9F:E1:89:10:21:A7:3E:E3:A9:B0:B9" - ] - } - }, - "policy-aliases": { - "recipient": { "mode": "enforce", "mxs": ["recipient.com"] } - }, - "policies": { - "recipient": { "policy-alias": "recipient" } - } -} diff --git a/certbot-postfix/tests/run_tests.sh b/certbot-postfix/tests/run_tests.sh deleted file mode 100755 index 362071dca..000000000 --- a/certbot-postfix/tests/run_tests.sh +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/sh - -set -e - -RCPTNAME=recipient -SENDNAME=sender -NETWORKNAME=certbot_postfix_network -IMAGE_NAME=certbot_postfix -BASE_IMAGE=certbot_local - -# Create network if it doesn't exist -docker network create -d bridge $NETWORKNAME || true - -# Build with all the changes. -docker build -t $BASE_IMAGE -f ../Dockerfile ../ -docker build -t $IMAGE_NAME . - -# Run sender and receipient images -docker stop $SENDNAME || true -docker stop $RCPTNAME || true - -docker run --rm --network=$NETWORKNAME \ - -d --name $SENDNAME -h $SENDNAME $IMAGE_NAME - -docker run --rm --network=$NETWORKNAME \ - -d --name $RCPTNAME -h $RCPTNAME $IMAGE_NAME - -docker_do() { - docker exec ${1} /bin/sh -c ". ./tests/setup.sh && ${2}" -} - -sender_do() { - docker_do $SENDNAME "$1" -} - -recipient_do() { - docker_do $RCPTNAME "$1" -} - -both_do() { - sender_do "$1" && recipient_do "$1" -} - -both_do "setup && install_certs valid" - -echo "Regular mail over TLS..." -sender_do "echo -e 'Subject: Subject\n\nbody' | sendmail root@${RCPTNAME}" -sleep 1 -recipient_do "grep \"TLS\" /var/mail/root" - -echo "Mail NOT sent over TLS..." -recipient_do "rm /var/mail/root" -recipient_do uninstall_certs -sender_do "echo -e 'Subject: Subject\n\nbody' | sendmail root@${RCPTNAME}" -recipient_do "[ -f /var/mail/root ] && ! (grep \"TLS\" /var/mail/root)" - -echo "Mail NOT sent over TLS if policy configured poorly..." -sender_do "install_certs valid --starttls-policy /opt/certbot-postfix/testdata/recipient_policy.json" -sender_do "echo -e 'Subject: Subject\n\nbody' | sendmail root@${RCPTNAME}" -sender_do "mailq | grep \"TLS is required, but was not offered\"" - -echo "Mail NOT sent over TLS if cert name wrong..." -recipient_do "install_certs evil" -sender_do "echo -e 'Subject: Subject\n\nbody' | sendmail root@${RCPTNAME}" -sender_do "mailq | grep \"Server certificate not trusted\"" - -echo "Mail NOT sent over TLS if certs root not trusted..." -recipient_do "install_certs self-signed" -sender_do "echo -e 'Subject: Subject\n\nbody' | sendmail root@${RCPTNAME}" -sender_do "mailq | grep \"Server certificate not trusted\"" - -echo "Mail sent over TLS if policy configured properly..." -recipient_do "install_certs valid" -sender_do "echo -e 'Subject: Subject\n\nbody' | sendmail root@${RCPTNAME}" -sleep 1 -recipient_do "grep \"TLS\" /var/mail/root" - diff --git a/certbot-postfix/tests/setup.sh b/certbot-postfix/tests/setup.sh deleted file mode 100755 index eb94e81bc..000000000 --- a/certbot-postfix/tests/setup.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh - -DEFAULT_CONF=/etc/postfix/main.cf -BACKUP_TLS_CONF=/etc/postfix/tls.cf.bk -BACKUP_NO_TLS_CONF=/etc/postfix/no_tls.cf.bk - -setup() { - ### Certbot setup - ln -sf "/opt/certbot-postfix/testdata/certificates" /etc/certificates - - # Postconf things for testing purposes. - postconf -e smtpd_use_tls=no - postconf -e smtpd_tls_received_header=yes - postconf -e smtputf8_enable=no - postconf -e disable_dns_lookups=yes - postconf -e myhostname=$HOSTNAME - newaliases - - cat /etc/certificates/ca.crt >> /etc/ssl/certs/ca-certificates.crt -} - -install_certs() { - # If certs alrady installed, restore from backup. - if ! [ -f $BACKUP_NO_TLS_CONF ]; then - cp $DEFAULT_CONF $BACKUP_NO_TLS_CONF - fi - - # Install certs via certbot! - cert_name=$1 - shift - certbot install --installer postfix \ - --cert-path /etc/certificates/$cert_name.crt --key-path /etc/certificates/$cert_name.key \ - -d recipient.com ${@} -} - -uninstall_certs() { - # We shouldn't have to do anything other than - # restore the original backup version. - if [ -f $BACKUP_NO_TLS_CONF ]; then - cp $BACKUP_NO_TLS_CONF $DEFAULT_CONF - postfix reload - exit 0 - fi -} diff --git a/certbot/cli.py b/certbot/cli.py index daf6784fd..1c2273c8a 100644 --- a/certbot/cli.py +++ b/certbot/cli.py @@ -1110,9 +1110,6 @@ def prepare_and_parse_args(plugins, args, detect_defaults=False): # pylint: dis helpful.add( "security", "--no-uir", action="store_false", dest="uir", default=flag_default("uir"), help=argparse.SUPPRESS) - helpful.add( - "security", "--starttls-policy", dest="starttls_policy", - default=flag_default("starttls_policy"), help=argparse.SUPPRESS) helpful.add( "security", "--staple-ocsp", action="store_true", dest="staple", default=flag_default("staple"), diff --git a/certbot/client.py b/certbot/client.py index ee38fdc5e..2992c0cec 100644 --- a/certbot/client.py +++ b/certbot/client.py @@ -472,8 +472,7 @@ class Client(object): ("hsts", "ensure-http-header", "Strict-Transport-Security"), ("redirect", "redirect", None), ("staple", "staple-ocsp", chain_path), - ("uir", "ensure-http-header", "Upgrade-Insecure-Requests"), - ("starttls_policy", "starttls-policy", None),) + ("uir", "ensure-http-header", "Upgrade-Insecure-Requests"),) supported = self.installer.supported_enhancements() for config_name, enhancement_name, option in enhancement_info: @@ -481,8 +480,6 @@ class Client(object): if enhancement_name in supported: if config_name == "redirect" and config_value is None: config_value = enhancements.ask(enhancement_name) - if config_name == "starttls_policy" and config_value is not None: - option = config_value if config_value: self.apply_enhancement(domains, enhancement_name, option) enhanced = True diff --git a/certbot/constants.py b/certbot/constants.py index e19a99747..0d0ee8d3f 100644 --- a/certbot/constants.py +++ b/certbot/constants.py @@ -60,7 +60,6 @@ CLI_DEFAULTS = dict( hsts=None, uir=None, staple=None, - starttls_policy=None, strict_permissions=False, pref_challs=[], validate_hooks=True, @@ -136,7 +135,7 @@ RENEWER_DEFAULTS = dict( """Defaults for renewer script.""" -ENHANCEMENTS = ["redirect", "ensure-http-header", "ocsp-stapling", "spdy", "starttls-policy"] +ENHANCEMENTS = ["redirect", "ensure-http-header", "ocsp-stapling", "spdy"] """List of possible :class:`certbot.interfaces.IInstaller` enhancements.